<?php
// Direct-access guard: stop immediately unless the __BACKEND__ constant is
// defined, so this module does nothing when requested by its own URL.
// NOTE(review): __BACKEND__ is presumably defined by the front controller that
// includes this file - confirm it is set before any module is loaded.
if (!defined('__BACKEND__')) die ("you cannot directly access this page");
/*
 * Create by Sony K Wibisono,S.Si
 * e-mail : sony@sonywibisono.com
 * Do not copy without permission
 */
include ("class/AppSession.php");
include ("class/AppUsers.php");
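/**
 * Render the login form (user name, password and CAPTCHA fields).
 *
 * The user-name field is pre-filled from the "user_name" cookie when present.
 * That cookie is client-controlled, so it is accepted only as a string and is
 * HTML-escaped before being written into the value="" attribute; echoing it
 * raw would let a crafted cookie break out of the attribute and inject markup.
 *
 * The "remember this user" checkbox is commented out in the markup, but
 * login_process() still honours a save_cookie value if one is submitted.
 */
function _default(){
    $remembered_user = '';
    if (isset($_COOKIE['user_name']) && is_string($_COOKIE['user_name'])) {
        // ENT_QUOTES escapes both quote styles, which matters inside an attribute.
        $remembered_user = htmlspecialchars($_COOKIE['user_name'], ENT_QUOTES, 'UTF-8');
    }
?>

<div align="center">
<div id="loginForm">
<h1>Log into System</h1>
    <form action="?mod=users&file=login" method="post">
    <input type="hidden" name="action" value="login">
    <table>
        <tr><td class="field_name">Nama User</td>
            <td class="field_object"><input class="login_text" type="text" name="username" size="18"
                       value="<?php echo $remembered_user;?>"/></td></tr>

        <tr><td class="field_name">Password</td>
            <td class="field_object"><input class="login_text" type="password" name="password" size="18"></td></tr>
        <tr><td>&nbsp;</td><td><img id="captcha" src="securimage/securimage_show.php" alt="CAPTCHA Image" /></td></tr>
        <tr><td class="field_name">Huruf Acak</td> <td><input type="text" class="login_text" name="CAPTCHA" size="10" maxlength="6"></td></tr>
        <tr><td>&nbsp;</td><td><input class="button" type="submit" value="Login"></td></tr>
     <!--  <tr><td align="right"><input type="checkbox" name="save_cookie" value="1" />
     </td><td>Simpan Selalu user ini</td></tr>-->
    </table>


</form>
</div>
</div>

<?php
}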
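/**
 * Tell whether app_session holds a row for this user and the current PHP
 * session id.
 *
 * $userid is placed into the SQL text unquoted, so anything other than a plain
 * run of digits is rejected before the query is built; a value such as
 * "1 or 1=1" would otherwise change the meaning of the WHERE clause.
 *
 * NOTE(review): session_id() is still concatenated into the statement. Whether
 * it can ever contain a quote character depends on the session save handler
 * and session.use_strict_mode; if the $db wrapper offers bound parameters,
 * both values should be passed that way instead.
 *
 * @param mixed $userid numeric user id
 * @return bool TRUE when at least one matching row exists, FALSE otherwise
 */
function check_session($userid){
    global $db;
    if (!ctype_digit((string)$userid)) {
        return FALSE;
    }
    $sql = "select count(*) from app_session"
         . " where app_user_id=" . $userid
         . " and app_session_id='" . session_id() . "'";
    $row = $db->fetch_row($sql);
    if (empty($row)) {
        return FALSE;
    }
    return $row[0] > 0;
}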
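/**
 * Mark every _user_logs row of this user as off-line except the one that
 * belongs to the current PHP session.
 *
 * $userid is placed into the SQL text unquoted, so the update is skipped
 * unless it is a plain run of digits; otherwise a crafted value could widen
 * the WHERE clause to other users' rows.
 *
 * NOTE(review): session_id() is still concatenated into the statement; prefer
 * bound parameters if the $db wrapper supports them.
 *
 * @param mixed $userid numeric user id
 * @return void
 */
function update_log($userid){
    global $db;
    if (!ctype_digit((string)$userid)) {
        return;
    }
    $sql = "update _user_logs set on_line='0'"
         . " where user_id=" . $userid
         . " and session_id!='" . session_id() . "'";
    $db->query($sql);
}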
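/**
 * Process a submitted login form.
 *
 * Reads $username, $password, $CAPTCHA and $save_cookie from global scope
 * (NOTE(review): presumably populated from the POSTed form by the including
 * framework - confirm). Checks run in this order: CAPTCHA, account exists,
 * password via $user->loginUser(), lock flag. On success the session row is
 * recorded through AppSession::updateLogin(), the $_SESSION login keys are set
 * and the browser is redirected according to the user's role. Every failure
 * is reported through error_msg(); a wrong CAPTCHA also ends the script.
 *
 * Changes against the earlier version of this function:
 *  - the session id is regenerated before authentication, so an id planted in
 *    the browser beforehand never becomes an authenticated session;
 *  - the clear-text password is no longer written to a "pass_word" cookie;
 *  - a missing User-Agent header no longer raises an undefined-index notice.
 *
 * NOTE(review): unknown user, wrong password and locked account produce three
 * different messages, which lets a client learn which user names exist. A
 * single generic failure message would avoid that; left unchanged here
 * because it alters user-facing text.
 *
 * @return void
 */
function login_process(){
    global $db,$username,$password,$CAPTCHA,$securimage,$save_cookie;

    if ($securimage->check($CAPTCHA) == false) {
        $message= "The security code entered was incorrect.<br /><br />".
             "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
        error_msg($message);
        exit;
    }

    if (!is_user_exist($username)){
        $err= "<h1>User belum terdaftar !</h1>
            Daftar dulu <a href=\"?mod=users&file=register\">disini</a>, atau kembali
            ke halaman <a href=\"index.php\">depan</a>";
        error_msg($err);
        return;
    }

    // Session-fixation defence. Done before loginUser() so that anything it or
    // AppSession records via session_id() already sees the final id (neither
    // class is visible from this file). Skipped when no session is active or
    // headers have gone out, in which case the old behaviour is kept.
    if (session_id() != '' && !headers_sent()){
        session_regenerate_id(true);
    }

    $user=new AppUsers();
    $user->open($username);
    $userid=$user->id;
    $status=$user->loginUser($password);

    if ($user->locked!='N'){
        error_msg("Your Login is Locked, Please Contact Administrator to Unlocked!");
        return;
    }

    if (strcasecmp($status, "succeed")!=0){
        $_SESSION['login_status']=FALSE;
        error_msg("Password Salah") ;
        return;
    }

    $app_session=new AppSession();
    $app_session->app_user_id=$userid;
    $app_session->app_session_id=session_id();
    $app_session->remote_address=$_SERVER['REMOTE_ADDR'];
    // The User-Agent header is optional and fully client-controlled.
    // NOTE(review): updateLogin() is not visible here - confirm it escapes or
    // binds this value before it reaches SQL.
    $app_session->user_agent=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $app_session->updateLogin();

    $_SESSION['user_id']=$userid;
    $_SESSION['user_name']=$username;
    $_SESSION['login_status']=TRUE;
    $_SESSION['app_role']=$user->app_role_id;
    $_SESSION['is_admin']=($user->app_role_id=='1') ? 1 : 0;

    if ($save_cookie=='1'){
        if (session_id() == ''){
            session_start();
        }
        // Only the user name is remembered. The password must never be stored
        // client-side: a cookie is sent on every request and is readable by
        // anyone with access to the browser profile or an unencrypted link.
        // NOTE(review): if another module relied on the old "pass_word" cookie
        // for auto-login, replace it with a random server-side token.
        setcookie("user_name",$username,time()+86400);
    }

    if ($user->app_role_id==5){
        refresh_to("index.php?mod=content", "Welcome to OHMS!", 2);
    } else {
        refresh_to("index.php?mod=panel", "Anda dialihkan ke Control Panel!", 2);
    }
}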
// Module entry point: run the login handler when the request asks for it,
// otherwise show the form to visitors who are not logged in and send everyone
// else on to the events page.
// NOTE(review): $login_status is read without a matching "global" statement,
// unlike $action - confirm the including scope defines it.
global $action;
if ($action == 'login') {
    login_process();
} elseif ($login_status == FALSE) {
    _default();
} else {
    refresh_to("index.php?mod=events", "Anda sudah login, sekarang dialihkan ke Halaman Event!", 2);
}
?>